MODULE-1
INTRODUCTION: Security Goals, Cryptographic Attacks, Services and Mechanisms,
Techniques.
What is Computer Security
The protection afforded to an automated information system in order to attain the applicable
objectives of preserving the integrity, availability, and confidentiality of information system
resources (includes hardware, software, firmware, information/data, and telecommunications).
This definition introduces three key objectives that are at the heart of computer security:
■ Confidentiality: This term covers two related concepts:
• Data confidentiality: Assures that private or confidential information is not made available or
disclosed to unauthorized individuals.
• Privacy: Assures that individuals control or influence what information related to them may
be collected and stored and by whom and to whom that information may be disclosed.
■ Integrity: This term covers two related concepts:
• Data integrity: Assures that information and programs are changed only in a specified and
authorized manner.
• System integrity: Assures that a system performs its intended function in an unimpaired manner,
free from deliberate or inadvertent unauthorized manipulation of the system.
■ Availability: Assures that systems work promptly and service is not denied to authorized users.
Introduction
• When computer data travels across a network, it is exposed to threats such as modification and
forgery.
• Cryptography transforms a message at the sender into an unreadable form so that it is protected
from unauthorized access while in transit.
• At the receiver, the unreadable message is transformed back into its original form.
There are three aspects of information security that need to be considered:
Security attack – Any action that compromises the security of information owned by an
organization.
Security mechanism – A mechanism that is designed to detect, prevent, or recover from a
security attack.
Security service – A service that enhances the security of the data processing systems and the
information transfers of an organization. The services are intended to counter security attacks, and they
make use of one or more security mechanisms to provide the service.
X.800
X.800, also known as the "Security Architecture for Open
Systems Interconnection (OSI)," is a standard developed by
the International Telecommunication Union (ITU). It provides
a comprehensive framework for securing open systems and
communications networks.
Security Services
X.800 defines a security service as a protocol layer service that ensures system and data
transfer security in open systems. RFC 4949 defines it as a service providing specific protection
to system resources, implementing security policies through security mechanisms.
X.800 divides these services into five categories.
1. Authentication : The authentication service ensures that communications are authentic.
For a single message, it confirms that the message is from the claimed source. For
ongoing interactions, it verifies the authenticity of both entities at the start and ensures
the connection is not compromised by third parties.
X.800 defines two specific authentication services:
• Peer Entity Authentication: Verifies the identity of a peer entity in an association, such as
two TCP modules in different systems. It is used at connection establishment or during data
transfer to ensure no masquerading or unauthorized replay.
• Data Origin Authentication: Confirms the source of a data unit, but does not protect
against duplication or modification. It is useful for applications like email where prior
interactions are not present.
2. Access control : In the context of network security, access control is the ability to limit and
control the access to host systems and applications via communications links. To achieve this,
each entity trying to gain access must first be identified, or authenticated, so that access
rights can be tailored to the individual.
3. Data Confidentiality:
Confidentiality protects transmitted data from passive attacks. It can be implemented at
different levels:
• Broad Protection: Safeguards all user data transmitted over a period, such as all data in a TCP
connection.
• Narrower Protection: Protects a single message or specific fields within a message; these
refinements are less useful than the broad approach and may be more complex to implement.
Confidentiality also includes protecting traffic flow from analysis, preventing attackers from
observing traffic characteristics like source, destination, frequency, and length.
4. Data Integrity:
Integrity can apply to a stream of messages, a single message, or specific fields. The
most effective approach is total stream protection.
• Connection-Oriented Integrity: Ensures that messages in a stream are received as
sent, with no duplication, modification, reordering, or replay. It also covers data
destruction and denial of service.
• Connectionless Integrity: Focuses on individual messages, primarily protecting
against modification.
Integrity services can be with or without recovery. For active attacks, detection is
crucial, and violations may need manual or automated recovery mechanisms.
Automated recovery is generally preferred.
5. Nonrepudiation: Prevents either sender or receiver from denying a transmitted
message. Thus, when a message is sent, the receiver can prove that the alleged
sender in fact sent the message. Similarly, when a message is received, the sender
can prove that the alleged receiver in fact received the message.
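As an added example (not part of the original slides, and not anything X.800 itself specifies), the following Python code shows the difference between the two integrity services above. The stateless verify_origin check provides data origin authentication and per-message integrity using HMAC-SHA256; ConnectionReceiver adds the sequence-number state that connection-oriented integrity needs to reject the replay and modification attacks described later under Security attacks. The shared key, the wire format (seq || payload || tag), the sample messages and all function names are this example's own assumptions.

```python
import hashlib
import hmac
import struct
from typing import Dict, Optional, Tuple

TAG_LEN = 32   # HMAC-SHA256 output length
SEQ_LEN = 8    # 64-bit big-endian sequence number (assumed wire format)


def compute_tag(key: bytes, seq: int, payload: bytes) -> bytes:
    """MAC over seq || payload, so the tag binds the message to its position."""
    return hmac.new(key, struct.pack(">Q", seq) + payload, hashlib.sha256).digest()


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: seq || payload || tag."""
    return struct.pack(">Q", seq) + payload + compute_tag(key, seq, payload)


def verify_origin(key: bytes, msg: bytes) -> Optional[Tuple[int, bytes]]:
    """Connectionless check: data origin authentication plus per-message integrity.
    Returns (seq, payload) if the tag verifies, None otherwise. It keeps no state,
    so a captured message replayed later passes this check again."""
    if len(msg) < SEQ_LEN + TAG_LEN:
        return None
    seq = struct.unpack(">Q", msg[:SEQ_LEN])[0]
    payload, received = msg[SEQ_LEN:-TAG_LEN], msg[-TAG_LEN:]
    if not hmac.compare_digest(received, compute_tag(key, seq, payload)):
        return None
    return seq, payload


class ConnectionReceiver:
    """Connection-oriented integrity: a message must carry a valid tag AND the
    next expected sequence number, which rejects duplicates, replays and reordering."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.expected_seq = 0

    def receive(self, msg: bytes) -> Tuple[str, Optional[bytes]]:
        checked = verify_origin(self.key, msg)
        if checked is None:
            return "rejected: bad tag (modified or forged)", None
        seq, payload = checked
        if seq != self.expected_seq:
            return f"rejected: seq {seq}, expected {self.expected_seq} (replay or reorder)", None
        self.expected_seq += 1
        return "accepted", payload


def demo(key: bytes) -> Dict[str, object]:
    """Run the fresh, modified and replayed cases against both checks."""
    rx = ConnectionReceiver(key)
    # Constructed sample messages (same length before and after tampering).
    m0 = seal(key, 0, b"Allow John Smith to read confidential file accounts")
    m1 = seal(key, 1, b"Allow John Smith to read confidential file payroll")
    out: Dict[str, object] = {}
    out["fresh"] = rx.receive(m0)[0]
    # Modification of messages: change the payload, keep the original tag.
    body = m0[SEQ_LEN:-TAG_LEN].replace(b"John Smith", b"Fred Brown")
    tampered = m0[:SEQ_LEN] + body + m0[-TAG_LEN:]
    out["modified"] = rx.receive(tampered)[0]
    # Replay: the stateless origin check still accepts the captured m0 ...
    out["replay_origin_check"] = verify_origin(key, m0) is not None
    # ... but the connection receiver has already moved on to seq 1.
    out["replay_connection_check"] = rx.receive(m0)[0]
    out["next_in_order"] = rx.receive(m1)[0]
    return out


if __name__ == "__main__":
    import secrets
    for case, result in demo(secrets.token_bytes(32)).items():
        print(f"{case:24} {result}")
```

Note that a MAC cannot provide the nonrepudiation service: sender and receiver hold the same key, so either could have produced the tag. Proving to a third party who sent the message requires a digital signature, which is why X.800 lists it as a separate mechanism.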
Availability
• Both X.800 and RFC 4949 define availability as the ability of a system or resource to
be accessible and usable by authorized entities upon demand, according to system
performance specifications.
• Availability is impacted by various attacks, some of which can be mitigated through
automated measures like authentication and encryption, while others require
physical intervention.
• X.800 considers availability as part of various security services but also identifies it as
a specific service.
Security Mechanisms
The mechanisms are divided into those that are implemented in a specific protocol layer, such as
TCP or an application-layer protocol, and those that are not specific to any particular protocol
layer or security service.
1. SPECIFIC SECURITY MECHANISMS
May be incorporated into the appropriate protocol layer in order to provide some of the OSI
security services.
a) Encipherment
The use of mathematical algorithms to transform data into a form that is not readily intelligible.
The transformation and subsequent recovery of the data depend on an algorithm and zero or more
encryption keys.
b) Digital Signature
Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the
data unit to prove the source and integrity of the data unit and protect against forgery (e.g., by the
c) Access Control
A variety of mechanisms that enforce access rights to resources.
d) Data Integrity
A variety of mechanisms used to assure the integrity of a data unit or stream of data units.
e) Authentication Exchange
A mechanism intended to ensure the identity of an entity by means of information exchange.
f) Traffic Padding
The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.
g) Routing Control
Enables selection of particular physically secure routes for certain data and allows routing
changes, especially when a breach of security is suspected.
h) Notarization
The use of a trusted third party to assure certain properties of a data exchange.
2. PERVASIVE SECURITY MECHANISMS
Mechanisms that are not specific to any particular OSI security service or protocol layer.
a. Trusted Functionality
That which is perceived to be correct with respect to some criteria (e.g., as established by a
security policy).
b. Security Label
The marking bound to a resource (which may be a data unit) that names or designates the
security attributes of that resource.
c. Event Detection
Detection of security-relevant events.
d. Security Audit Trail
Data collected and potentially used to facilitate a security audit, which is an independent
review and examination of system records and activities.
Security attacks
A useful means of classifying security attacks, used both in X.800 and RFC 4949, is in terms of
passive attacks and active attacks. A passive attack attempts to learn or make use of information
from the system but does not affect system resources. An active attack attempts to alter system
resources or affect their operation.
Passive attack
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal
of the opponent is to obtain information that is being transmitted. Two types of passive attacks
are the release of message contents and traffic analysis.
• The release of message contents is easily understood. A telephone conversation, an electronic
mail message, and a transferred file may contain sensitive or confidential information. We
would like to prevent an opponent from learning the contents of these transmissions.
A second type of passive attack, traffic analysis, is subtler. The common technique for masking
contents is encryption. If we had encryption protection in place, an opponent might still be able
to observe the pattern of these messages.
The opponent could determine the location and identity of communicating hosts and could
observe the frequency and length of messages being exchanged.
This information might be useful in guessing the nature of the communication that was taking
place.
Passive attacks are very difficult to detect, because they do not involve any alteration of the data. Typically,
the message traffic is sent and received in an apparently normal fashion, and neither the sender nor
receiver is aware that a third party has read the messages or observed the traffic pattern.
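As an added example that is not part of the original slides, the code below runs the traffic analysis described above against constructed flow records, and then applies the traffic padding mechanism from the Security Mechanisms list to the same conversation. The observer never sees plaintext, only one (src, dst, length) record per message; the message set, host addresses, 32-byte per-message overhead, 256-byte padding bucket and function names are all assumptions made for the example.

```python
import struct
from collections import Counter, defaultdict
from typing import Callable, Dict, List, Optional, Tuple

OVERHEAD = 32   # assumed fixed per-message cost: header plus authentication tag
BUCKET = 256    # assumed padding granularity in bytes

# Constructed protocol messages whose shapes the eavesdropper is assumed to know.
KNOWN_MESSAGES: Dict[str, bytes] = {
    "ack":      b"ACK",
    "grant":    b"Allow John Smith to read confidential file accounts",
    "transfer": b"BEGIN TRANSFER amount=10000 to=ACCT-7781",
}

# Constructed conversation: (src, dst, message type), as actually sent.
SCRIPT: List[Tuple[str, str, str]] = [
    ("10.0.0.5", "10.0.0.9", "grant"),
    ("10.0.0.9", "10.0.0.5", "ack"),
    ("10.0.0.5", "10.0.0.9", "transfer"),
    ("10.0.0.9", "10.0.0.5", "ack"),
]

Padder = Optional[Callable[[bytes], bytes]]


def wire_length(body: bytes) -> int:
    """What the eavesdropper sees: encryption hides content, not size."""
    return len(body) + OVERHEAD


def observe(script: List[Tuple[str, str, str]], padder: Padder = None) -> List[Tuple[str, str, int]]:
    """Produce the (src, dst, length) records a passive observer would collect."""
    flows = []
    for src, dst, label in script:
        body = KNOWN_MESSAGES[label]
        if padder is not None:
            body = padder(body)
        flows.append((src, dst, wire_length(body)))
    return flows


def build_length_table(messages: Dict[str, bytes], padder: Padder = None) -> Dict[int, List[str]]:
    """Attacker's dictionary: wire length -> message types that produce it."""
    table: Dict[int, List[str]] = defaultdict(list)
    for label, payload in messages.items():
        body = padder(payload) if padder is not None else payload
        table[wire_length(body)].append(label)
    return dict(table)


def traffic_analysis(flows: List[Tuple[str, str, int]], messages: Dict[str, bytes],
                     padder: Padder = None) -> Dict[Tuple[str, str], Counter]:
    """Passive attack: who talks to whom, how often, and (via length) what kind of message."""
    table = build_length_table(messages, padder)
    result: Dict[Tuple[str, str], Counter] = defaultdict(Counter)
    for src, dst, length in flows:
        labels = table.get(length, [])
        if len(labels) == 1:
            guess = labels[0]
        elif not labels:
            guess = "unknown"
        else:
            guess = "ambiguous(%d)" % len(labels)
        result[(src, dst)][guess] += 1
    return dict(result)


def pad(payload: bytes, bucket: int = BUCKET) -> bytes:
    """Traffic padding: 4-byte length prefix, then zero bytes to the next bucket boundary."""
    body = struct.pack(">I", len(payload)) + payload
    return body + b"\x00" * (-len(body) % bucket)


def unpad(padded: bytes) -> bytes:
    """Receiver side: the length prefix tells how much of the bucket is real data."""
    (n,) = struct.unpack(">I", padded[:4])
    return padded[4:4 + n]


if __name__ == "__main__":
    print("without padding:", traffic_analysis(observe(SCRIPT), KNOWN_MESSAGES))
    print("with padding:   ", traffic_analysis(observe(SCRIPT, pad), KNOWN_MESSAGES, pad))
```

Without padding every message type has a distinct wire length, so the observer recovers the whole exchange (a grant and a transfer from 10.0.0.5, two acknowledgements back) despite never decrypting anything. With padding all three message types occupy one 256-byte bucket and the length no longer distinguishes them. Padding addresses only the length characteristic listed in the confidentiality service above: the record of who talked to whom, and how often, is still visible.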
Active attacks
Active attacks involve some modification of the data stream or the creation of a false stream and can be
subdivided into four categories: masquerade, replay, modification of messages, and denial of service.
A masquerade takes place when one entity pretends to be a different entity (path 2 of previous
Figure). A masquerade attack usually includes one of the other forms of active attack.
For example, authentication sequences can be captured and replayed after a valid authentication
sequence has taken place, thus enabling an authorized entity with few privileges to obtain extra
privileges by impersonating an entity that has those privileges.
Replay involves the passive capture of a data unit and its subsequent retransmission to produce
an unauthorized effect (paths 1, 2, and 3 active).
Modification of messages simply means that some portion of a legitimate message is altered,
or that messages are delayed or reordered, to produce an unauthorized effect (paths 1 and 2
active).
For example, a message meaning “Allow John Smith to read confidential file accounts” is
modified to mean “Allow Fred Brown to read confidential file accounts.”
The denial of service prevents or inhibits the normal use or management of communications facilities
(path 3 active). This attack may have a specific target; for example, an entity may suppress all messages
directed to a particular destination (e.g., the security audit service).
Another form of service denial is the disruption of an entire network, either by disabling the network or
by overloading it with messages so as to degrade performance.
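As an added example that is not part of the original slides, the code below applies the event detection and security audit trail mechanisms listed earlier to the flooding form of denial of service described above: it parses constructed common-log-style lines and raises an alert the first time a single source, or all sources together, exceeds a request threshold inside a sliding time window. The log format, addresses, thresholds, window size and function names are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from typing import Deque, Dict, List, Optional, Tuple

ALL_SOURCES = "*"   # pseudo-source used for the aggregate (all-source) counter

# Common-log-style record: client, ident, user, [timestamp], "request", status, size.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_line(line: str) -> Optional[Tuple[datetime, str, str]]:
    """Return (timestamp, source, request) or None for a line that does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return ts, m.group("src"), m.group("req")


def detect_floods(lines: List[str], window: timedelta = timedelta(seconds=10),
                  per_source: int = 20, aggregate: int = 100) -> Dict[str, object]:
    """Sliding-window rate check per source and over all sources together.
    An alert is recorded the first time a counter exceeds its threshold."""
    events, unparsed = [], 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            unparsed += 1          # malformed lines are counted, never silently dropped
            continue
        events.append(parsed)
    events.sort(key=lambda e: e[0])  # the window logic needs time-ordered input
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    alerts: Dict[str, Dict[str, object]] = {}
    for ts, src, _req in events:
        for key, limit in ((src, per_source), (ALL_SOURCES, aggregate)):
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:   # drop requests that fell out of the window
                q.popleft()
            if len(q) > limit and key not in alerts:
                alerts[key] = {"first_exceeded_at": ts.isoformat(),
                               "requests_in_window": len(q)}
    return {"alerts": alerts, "events": len(events), "unparsed_lines": unparsed}


def constructed_log() -> List[str]:
    """Constructed audit trail: one quiet client, one flooding client, one garbage line."""
    t0 = datetime(2022, 8, 9, 10, 0, 0, tzinfo=timezone.utc)

    def record(src: str, offset_s: int, path: str = "/") -> str:
        ts = (t0 + timedelta(seconds=offset_s)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{src} - - [{ts}] "GET {path} HTTP/1.1" 200 512'

    lines = [record("10.0.0.5", s, "/index.html") for s in (0, 12, 27)]
    lines += [record("198.51.100.7", 5 + i // 10) for i in range(30)]   # 30 hits in 3 seconds
    lines.append("this line is not a log record")
    return lines


if __name__ == "__main__":
    report = detect_floods(constructed_log())
    print(report["events"], "events,", report["unparsed_lines"], "unparsed")
    for key, alert in report["alerts"].items():
        print(key, alert)
```

The per-source threshold catches a single flooding host but misses a distributed flood in which each bot stays below the limit, which is why the aggregate counter is kept alongside it. The targeted form of denial of service described above, suppressing messages to one destination, shows up in an audit trail as an absence of expected events rather than an excess, and a rate detector like this one does not see it.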
Case Studies
• Finnish Parliament attack
• In August 2022, the Finnish parliament's website experienced a DDoS attack
while the parliament was in session. This denial-of-service attack may be part
of a coordinated campaign by Russian state-sponsored hackers to disrupt the
Finnish government’s websites in retaliation for the application to join NATO. A
DDoS attack temporarily blocks access to a website but does not cause
permanent destruction.
• Ukrainian state nuclear power company attack
• The Russian “hacktivist” group called the People’s Cyber Army engaged 7.25
million bots in August 2022 in a bot attack to take the Energoatom website
down. It used a flood of garbage web traffic and webpage requests. A
disruption of online services lasted for a few hours, but no permanent negative
impact remained. The attack was part of a Russian psyops campaign to create
fear of a nuclear disaster and terrorize Europeans.
• Greek natural gas distributor attack
• Greek national gas distributor DESFA reported a cyber attack in August 2022. The attack
impacted part of the company's IT infrastructure and caused a data leak. The ransomware
operation of cybercriminals called Ragnar Locker held the stolen data hostage and demanded a
ransom not to expose sensitive data. The company refused to make a payment.
• Mailchimp attack
• In January 2023, Mailchimp, a prominent platform for email marketing
and newsletters, detected an unauthorized user within its infrastructure. They
stated that an intruder had gained access to one of the tools Mailchimp uses for
user account administration and customer support. The intruder had previously
targeted Mailchimp employees and managed to get their account credentials
through social engineering techniques. Afterward, the malicious actor used the
compromised credentials to access data on 133 Mailchimp accounts. Mailchimp
claimed that no sensitive information was stolen, but the breach may have
exposed customer names and email addresses.
• Cisco attack
• In May 2022, Cisco, a multinational digital communications company,
became aware of an attacker within their network. Their internal investigation
showed that the attacker conducted a series of sophisticated voice phishing
attacks to access a Cisco employee’s Google account. Since the employee’s
credentials were synchronized in a browser, the attacker could easily access
Cisco’s internal systems. After gaining initial access, the attacker tried to stay in
Cisco’s network as long as possible and increase their level of access. However,
Cisco’s security team successfully removed the attacker from the network. Later
on, the ransomware gang Yanluowang posted leaked files on their website.
According to Cisco, this breach had no impact on their business operations.
Origin: https://www.ekransystem.com/en/blog/top-10-cyber-security-breaches
© Ekran System
